internal audit in 2021 and beyond

A Profession in the State of Material Change

IIA Calgary Virtual Meeting

April 28th, 2021

Internal Audit in 2021 and Beyond

MNP.caWherever business takes you

Richard Arthurs, FCPA, FCMA, MBA, CFE, CIA, CRMA, QIAL

Partner, Enterprise Risk Services

National Leader – Internal Audit Services

Past Chair – IIA Canada Board

Past Roles:

VP Audit, Risk & Compliance – Berkshire Hathaway Energy, Canada

Global Director of Audit & Risk – General Mills Inc.

587.583.9155 | [email protected]


Agenda

3

1. Risk in 2030

2. The Future of Governance

3. Critical Skills Required in the Next Decade

4. Next Generation Internal Audit

5. Internal Audit Hot Topics 2020-2030

•Continuous Risk Assessment and Scenario Planning

•Integrated Assurance and Advisory

•Risk Analytics

•AI Continuous Monitoring

•Agile Internal Audit (Change in IA Culture)

•Virtual Auditing, Meetings, and Networking

•Hyper & Continuous Learning

•Data Governance, Monitoring & Security

•Environment, Social, and Governance

•Third Party Risk Management

•A Degree in Internal Audit

6. The Future of IIA Canada


1990 2000 2020

SOX Legislation Started

2002

COSO & ERM

2003 onwards

Y2K & Dot Com Crash1999

DigitalTechnology

Regulation

Data Analytics

ThoughtLeadership

Economic & Political Events

Data Analytics & Continuous Monitoring2004 onwards

Internet Launched

Late 1980’s

iPhone Launched & Cloud Boom2008

Visual Analytics, Cloud & IA

2010 onwards

2010

COVID19

2020

Dodd Frank Act

2010

Financial Crash2008

IA Consulting Role

1995 onwards

Agile IA

2019 onwards

IA Advisory Role

2008 onwards

Integration of AI, ML, RPA & IA

2015 onwards

IIA Three Lines of Defence2008-10 onwards

Social Media Boom2008 Onwards

GDPR & Privacy Policy

2018

SEC Increases FCPA Enforcement

1995 onwards

Applied Data & Robotics

2015 onwards

US Election

2016

Internal Audit Report Leading

Practices

• Financial Focused• Long and Detailed Reports• Minimal Use of Technology• 100% Audits• Most Auditors are CPA’s• Compliance Focus Instead of Risk

• Risk Focused• Shorter Issue Focused Reports• Data Analytics Experimentation• 70% Audits & 30% Advisory• IA Leading SOX Implementations• Most Auditors are CPA’s• Growing Operational Audits• Increasing Focus on IT & Cyber Security

• Risk & Value Focused• Shorter & Concise Reports• Data Analytics Expertise• 40% Audits & 60% Advisory• IA Becoming Trusted Advisor• Multi Discipline Audit Teams• Growing Technology & Data Audits• Increasing Focus on Disruption & Impact

From Technology • Co-Source and Out-Source Models

• Agile Risk & Value Focus• Real Time Continuous Monitoring,

UBER Audits & Data Analytics Dashboard Reporting

• Virtual Remote Auditing• Extensive use of Analytics and AI• Extreme Change Driving Risk• Increasing Focus on Business

Models , Sustainability & ESG• Co-Source Model Very Common


Polling Question 1

1. Risk in 2030


Anticipating Future Risk

• Maturing Intelligent Digital Technologies

• Ongoing Global Pandemic Risk Mitigation

• Self-Disruption is a Competitive Advantage

• War for Leadership Succession Talent

• Extreme Generational Differences in Preferences

• Constant Increase in ESG Expectations

• Data Insight Competitive Advantage

• Never Ending Cyber Threat Innovation

• Virtual, Automated, and Continuous Risk Management

• Robot Co-Workers


8

8

Gartner 2020 Technology Mega Trends

• People Centricity

• Internet of Behaviors

• Total Experience Strategy

• Privacy Enhancing Computing

• Location Independence

• Distributed Cloud

• Anywhere Operations

• Cybersecurity Mesh

• Resilient Delivery

• Intelligent Composable Business

• AI Engineering

• Hyper Automation

2. The Future of Governance


NEW - IIA Three Lines Model (Interactive Governance)


As ERM Matures It Will Separate From IA


Polling Question 2

3. Critical Skills Required in the Next Decade


14

14

2016 – 2030 Forecasted Change in Hours Worked

Source: McKinsey

MNP.caWherever business takes you 15

Higher Cognitive Skills Vs. Basic Cognitive Skills

Source: McKinsey


Skills NeededToday vs Future

Source: McKinsey

4. Next Generation Internal Audit


Next Generation Internal Audit


Polling Question 3

5. Internal Audit Hot Topics 2020-2030


Continuous Risk Assessment & Scenario Planning


Integrated Assurance and Advisory

Management

Assurance

External AssuranceInternal Assurance

• Strategy

• Operations

• Quality

Management

• Finance &

Treasury

• Information

Technology

• Development

• Engineering

• Commercial

Services

• Supply Chain

• Others

• External audit

• ISO

• Sustainability

• Actuarial

• Others

• Risk Management

• Regulatory Compliance

• Legal

• Company Secretary

• Health and Safety

• Others

Combined

Assurance to

Board &

Executives

Risk areas affecting the company

Combined assurance will leverage an

existing model - such as the three lines

model - to help clarify roles and

responsibilities for assurance providers

Profiling assurance providers


Risk AnalyticsCritical Risk Analytics Capabilities

Technical & Analytical

Testing & ValidationDefining, developing, and implementing quality

assurance practices

SQL QueryingQuerying and manipulating data to facilitate

the solving of more complex problems

Data ModellingStructuring data to enable the analysis of

information, both internal and external to the

business

Data AnalyticsValuating data using analytical and logical

reasoning for the discovery of insight [e.g. predictive

modeling]

Reporting SoftwareUnderstanding the underlying theory and

application of key reporting software

Business & Communication

Technology AlignmentUnderstand how technology can be leveraged to solve

business problems

Macro-PerspectiveUnderstanding the company’s business strategy,

current business issues and priorities, and current

industry trends

Business KnowledgeUnderstand the business measurement of key

performance indicators and business frameworks

Business CommentaryArticulation of insight to explain current and forecasted

trends, their impact and opportunities for the business

Soft SkillsCommunication and interpersonal skills necessary to

articulate insight gained from analysis

Bu

sin

ess

Acu

men

Sto

ryte

llin

g

Tech

nic

al Skill

sD

ata

An

aly

tics


Risk Analytic Projects

24

Data Integrity

Assurance

Client wants

comfort that the

data has integrity

Compliance to

Internal Policy or

Regulation

Identify anomalies

outside of

acceptable ranges

Vendor Billing

Determine

inaccurate billing

based on

comparison to

contract terms

Fraud Detection

Identify red flags

that may lead to

fraudulent activity [i.e. Benford’s Law]


Risk Analytic Projects

25

Inaccurate

Accounting

Identify

anomalies that

could indicate

inaccuracies

Display Trends

Over Time

Utilize visual

analytics to display

positive and

negative tends

Global Mapping

of Activity/

Assets/Other

Overlaying critical

data and activities

on a geographic

map

Predictive and

Descriptive Capability

Advanced prediction

on what happens

next and prescribed

action plan


AI Continuous Monitoring


Agile Internal Audit

• Perfect communication

• Rigidly planned activities

• Comprehensive documentation

• Established roles

• Following a preset plan

• Auditing to IA resources

• Control of the audit process

• Frequent communication

• Quick, iterative activities

• Timely, relevant documentation and

reporting

• Empowered roles and flexible system

• Responding to emerging needs

• Transparency in the process

• Making the Shift to Agile (Small a)

From To


Virtual Auditing, Meetings, and Networking


Hyper and Continuous Learning


Data Governance Monitoring & Security


ESG: Environment, Social, and GovernanceESG, which stands for Environmental, Social and Governance, refers to a cluster of non-financial factors about a company that can

sometimes prove material for investors and other stakeholders.

The disclosure topics below can have a material impact on an organization’s operating and financial performance… and all are driven by the

operating culture of the organization.

•Energy efficiency

•Carbon footprint

•Water usage

•Waste management

•Packaging

•Biodiversity

management

•Employee attraction

and retention

•Diversity and inclusion

•Pay equity

•Customer data privacy

•Social acceptability of

projects/business

•Organizational culture

•Climate change

•Cybersecurity

•Corruption and

bribery

•Responsible taxes

•Compensation

•Reliable financial

disclosure

Environmental Social Governance

31


1Baseline

Assessment

2Stakeholder

Identification &

Consultation

3 ESG Framework

4Impact

Assessment

5Data

Management

▪ Validate mapping of operational footprint, products and services, as well as customers, markets and geographic locations.

▪ Completeness and accuracy of evaluation is necessary for ESG adoption.

▪ Validate identification of all stakeholders directly influencing and/or being influenced by your organization.

▪ Ensure stakeholder consultation is sufficient and remains unbiased.

▪ Assess reasonableness and applicability of framework adopted (or to be adopted) for alignment▪ Ensure framework meets industry requirements, regulatory expectations, and comparability

with like entities.▪ Where more than one framework is selected ensure appropriate mapping between each.

▪ Reassess management’s approach to and conclusions regarding both positive and negative ESG impacts resultant from operations and in line with ESG framework requirements.

▪ Identify key metrics to be used to measure success in pursuit of sustainability strategies.▪ Evaluate sufficiency of approach to emerging ESG factors and/or risk issues.

▪ Identify the data necessary to report on ESG strategy (i.e. source, workflow, calculation and storage).

▪ Assess the control environment designed to ensure data is complete and accurate for decisions and reporting across the management system.

Key Considerations of CAE in ESG

32


6Target

Setting

7Progress

Monitoring

8Policies and

Procedures

9 Reporting

10 Governance

▪ Evaluate whether targets have been identified by management, are SMART, and stretch the organization for achieving meaningful change.

▪ Assess whether targets are prioritized based on significance from impact assessment.

▪ Evaluate linkage of ESG targets to strategic priorities and ensure management is sufficiently monitoring/tracking performance.

▪ Identify risk(s) of missing targets and implications to strategy and operations.

▪ Assess policies and procedures to ensure expected ESG actions and behaviors are embedded.▪ Review policies and procedures routinely to ensure relevant and timely reflection of changes

from internal and external factors.

▪ Evaluate disclosure controls and procedures for integrated reporting, standalone sustainability reporting, or online provision.

▪ Assess management’s opinion of target(s) achievement.▪ Obtain third-party SME to calculate and validate metrics where appropriate (i.e. GhG).

▪ Evaluate board training/conduct board training on ESG.▪ Evaluate board reporting whether includes necessary information for required board oversight.▪ Provide IA opinion on testing conducted to validate ESG disclosures.

Key Considerations of CAE in ESG

33


Third Party Risk Management


A Degree in Internal Audit


Polling Question 4

6. The Future of IIA Canada


The Future of IIA Canada:

• Connected Global Network (200+ Countries) Through New Digital Cloud System

• New Global Branding and Promotion

• Enhanced IA Standards (Assurance and Advisory)

• Increase in Advanced Technology Professional Development

• Country Specific Research and Thought Leadership

• Increased Global Work Opportunity

• Hybrid Virtual and In-Person Conferences and Training

• Full and Virtual Chapters

• Global Networking and Communication Opportunity


2021-2023 Canadian Board

Past Chair

Richard ArthursChair

Guy Desrochers

Sr. Vice Chair

David Helberg

NAB Rep

Beili Wong

Janet

Hnytka

Natalie

Lalonde

(New)

Nancy

Russell

(New)

Tony

Malfara

Leah

White

(DA)


2021-2022 STRATEGIC PLAN REFRESH


STRONGER TOGETHER – 2020-2021 STRATEGIC PLAN

CORE PURPOSE

To lead the Canadian Internal Audit profession and advance its value.

VISION

Internal audit professionals are universally recognized as agile trusted advisors, and indispensable for effective

governance, risk management and control optimization

GOALS

Together we will:

Strengthen the profile and demand for the Internal Audit profession in Canada

Support members by providing the resources they need to excel

Expand the leadership presence, capability and capacity of the Internal Audit profession in Canada

STRONGER TOGETHER – 2021-2022

STRATEGIC PLAN REFRESH

REFRESH


STRONGER TOGETHER – 2021-2022 STRATEGIC PLAN REFRESH

IIA CANADA’S 3 PILLARS

ADVOCACY

PROFESSOINALISM

SUSTAINABILITY

▪ Together we will promote internal audit as a profession of choice to potential sources, and to those

organizations that create and develop internal audit functions. We will do this with a view to expand and

sustain the availability of skilled Internal Auditors with diverse experience, and deep competencies to serve

across different sectors.

▪ Together we will educate, promote, and enhance the value (Governance, Risk Management, & Compliance) of

internal audit to stakeholders who grow and sustain internal audit functions across key sectors. We will do this

by identifying stakeholders, understanding their needs, and leveraging The IIA Canada, Chapter resources, and

other collaborators to promote the value and benefits of internal audit.

▪ Together we will develop a Thought Leadership Program to actively share emerging thinking on the changes

and disruptions facing our industry to help IA professionals prepare themselves.

▪ Together we will champion the ongoing professional development of IA professionals and ensure they know

the full range of resources available to support them.

▪ Together we will develop and implement a Membership Growth Strategy.

▪ Together we will grow the capacity and relevance of our profession through strategic partnerships with key

stakeholders.

Questions & Answers

mnptechnology.ca

Thank You!Richard Arthurs, FCPA, FCMA, MBA, CFE, CIA, CRMA, QIAL

Partner, Enterprise Risk Services

National Leader – Internal Audit Services

587.583.9155 | [email protected]

mnptechnology.ca

•Wherever business takes you MNP.ca

internal audit in 2021 and beyond

Documents